mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
ch3: processed feedback from wiktor
This commit is contained in:
parent
305f039dff
commit
d20fbbc13d
1 changed files with 19 additions and 6 deletions
|
@ -31,7 +31,9 @@ Participants in symmetric-key operations need to exchange the shared secret over
|
||||||
|
|
||||||
### Benefits and downsides
|
### Benefits and downsides
|
||||||
|
|
||||||
Symmetric-key cryptography has major benefits: it is much faster than public-key cryptography (see below). Also, most current symmetric cryptographic algorithms are considered quantum-resistant.
|
Symmetric-key cryptography has major benefits: it is much faster than public-key cryptography (see below). Also, most current symmetric cryptographic algorithms are considered quantum-resistant[^postquantum].
|
||||||
|
|
||||||
|
[^postquantum]: Daniel J. Bernstein (2009). ["Introduction to post-quantum cryptography" (PDF)](http://www.pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010-c1.pdf) states that: "many important classes of cryptographic systems", including secret-key cryptographic mechanisms like AES "[..] are believed to resist classical computers and quantum computers." (pages 1, 2).
|
||||||
|
|
||||||
However, exchanging the required shared secret is a problem that needs to be solved separately.
|
However, exchanging the required shared secret is a problem that needs to be solved separately.
|
||||||
|
|
||||||
|
@ -39,9 +41,13 @@ However, exchanging the required shared secret is a problem that needs to be sol
|
||||||
|
|
||||||
### Symmetric-key cryptography in OpenPGP
|
### Symmetric-key cryptography in OpenPGP
|
||||||
|
|
||||||
Symmetric cryptography is used in OpenPGP as part of a hybrid cryptosystem.
|
Symmetric-key cryptography is used in OpenPGP in three contexts:
|
||||||
|
|
||||||
Where symmetric keys are used in OpenPGP, they are called either "message keys" or "session keys[^sessionkey]."
|
- most prominently, as part of a hybrid cryptosystem to encrypt and decrypt data,
|
||||||
|
- to encrypt [password-protected private key material](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-secret-key-encryption), and
|
||||||
|
- for [password-protected data encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-symmetric-key-encrypted-ses) (a less commonly used feature of the standard).
|
||||||
|
|
||||||
|
Where symmetric keys are used in OpenPGP for data encryption, they are called either "message keys" or "session keys[^sessionkey]."
|
||||||
|
|
||||||
[^sessionkey]: In OpenPGP version 6, when using the ["Version 2 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-2-symmetrically-enc), a "message key" is derived from a "session key". Previously (up to OpenPGP version 4, and in version 6 when using ["Version 1 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-1-symmetrically-enc)), the "session key" was used directly as a symmetric encryption key.
|
[^sessionkey]: In OpenPGP version 6, when using the ["Version 2 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-2-symmetrically-enc), a "message key" is derived from a "session key". Previously (up to OpenPGP version 4, and in version 6 when using ["Version 1 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-1-symmetrically-enc)), the "session key" was used directly as a symmetric encryption key.
|
||||||
|
|
||||||
|
@ -49,13 +55,20 @@ Where symmetric keys are used in OpenPGP, they are called either "message keys"
|
||||||
|
|
||||||
[Authenticated encryption](https://en.wikipedia.org/wiki/Authenticated_encryption) is a class of cryptographic schemes that gives additional guarantees besides confidentiality.
|
[Authenticated encryption](https://en.wikipedia.org/wiki/Authenticated_encryption) is a class of cryptographic schemes that gives additional guarantees besides confidentiality.
|
||||||
|
|
||||||
In OpenPGP version 6, AEAD is used to solve the problem of "malleability": In past versions of the OpenPGP protocol, some malicious changes to ciphertext were undetectable. With AEAD, undetected changes of ciphertext are not possible.
|
In OpenPGP version 6, AEAD was introduced as a successor to the MDC[^MDC] mechanism. AEAD is a common mechanism to solve the problem of "malleability": In past versions of the OpenPGP protocol, some malicious changes to ciphertext were undetectable. AEAD protects against undetected changes of ciphertext.
|
||||||
|
|
||||||
|
[^MDC]: In OpenPGP version 4, a mechanism called MDC (Modification Detection Code) was introduced to serve a comparable purpose as AEAD. While MDC is a non-standard mechanism, as of this writing, there are no known attacks against the scheme.
|
||||||
|
|
||||||
|
Protecting against malleability counters a variation of the EFAIL[^efail] attack.
|
||||||
|
|
||||||
|
[^efail]: A variation of the [EFAIL](https://en.wikipedia.org/wiki/EFAIL) attack can be prevented by both the MDC and AEAD mechanisms. Also see ["No, PGP is not broken, not even with the Efail vulnerabilities"](https://proton.me/blog/pgp-vulnerability-efail), especially the section "Malleability Gadget Exfiltration Channel Attack".
|
||||||
|
|
||||||
|
|
||||||
## Public-key, or asymmetric cryptography
|
## Public-key, or asymmetric cryptography
|
||||||
|
|
||||||
[Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) systems use asymmetric pairs of related keys. Public-key cryptographic systems support *encryption/decryption* and *digital signature* operations.
|
[Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) systems use asymmetric pairs of related keys. Public-key cryptographic systems support *encryption/decryption* as well as *digital signature* operations.
|
||||||
|
|
||||||
Unlike symmetric cryptography, public-key cryptography doesn't require participants to pre-arrange a shared secret.
|
Unlike symmetric cryptography, public-key cryptography doesn't require participants to pre-arrange a shared secret. Instead, with public-key cryptography, the public parts of the key material can be shared openly and then used for cryptographic operations.
|
||||||
|
|
||||||
(asymmetric_key_pair)=
|
(asymmetric_key_pair)=
|
||||||
### Asymmetric cryptographic key pairs
|
### Asymmetric cryptographic key pairs
|
||||||
|
|
Loading…
Reference in a new issue